MCPA MuleSoft Certified Platform Architect Level 1 – Non-Functional Requirements of APIs
9. Custom API Policies
Okay, I’ve tried to come up with a network diagram with nodes 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 and 12. Because we have twelve tasks here, each task has an associated duration. When I substituted the durations and calculated the early start and early finish for each and every activity, the total duration of the project turned out to be 63 days. You can try calculating the forward pass and then the backward pass. However, if we simply take a summation of the duration of all tasks, it happens to be 77 days. Here, however, we are doing a few of the activities in parallel. Hence the total duration of the project is 63 days. And when I calculated the backward pass and the total float, the critical path activities happened to be the activities which fall along 1, 3, 5, 6, 7, 8, 9, 11 and 12. What does that mean? What are the activities which do not fall on the critical path? Non-critical path activities or tasks would be 2, 4 and 10. These three would fall on the non-critical path. This is how we need to calculate the critical path and non-critical path.
You all can just try calculating the early start and early finish as part of the forward pass, and the late start and late finish as part of the backward pass. Then you can calculate the total float and thereby identify your critical path. The representation would look like this. I’ll just give you an example here. If you look at activity two, it says that the predecessor should be activity one. Hence for activity two I’ve given one as a predecessor. When it comes to activity three, the predecessor is one once again, hence there is an input from one to three. For activity four, the predecessor happens to be activity three, hence for four I’ve made three the predecessor. For activity five, three also happens to be the predecessor. That is why there is a connection from three to five. And when it comes to activity six, there are two predecessors. Hence four and five converge on six.
For the seventh activity, two and six happen to be the predecessors. Hence I placed seven here with inputs coming in from two and six. Activity eight has seven as a predecessor. Activity nine has eight as a predecessor. Activities ten and eleven both have nine as a predecessor. Hence nine is an input both to ten and eleven. Finally we have activity twelve, and ten and eleven are both inputs to twelve. This is in short about the network diagram. Now let us take the session further and try to discuss more about the project. As part of the plan, we need to come up with a project charter, which happens to be the most critical output of the Define phase.
You need to provide the details on who the project leader, sponsor and team members are, what the business process is, so on and so forth. We also need to identify the critical to quality (CTQ), et cetera, and the metric’s goal. What is the business impact from the financial benefits which we have already calculated in the Excel sheet? What is the benefit to the external customer? This is just a layout or a template of the mandatory things which are required to be mentioned in the project charter. Those activities for which we have calculated the critical path can be segregated into activities pertaining to the Define, Measure, Analyze, Improve and Control phases. Thereby we can mention the duration and then come up with the total duration of the project.
These are a few things which one should bear in mind before creating a project charter. Here is the high-level business process. We need to come up with the business process of invoicing. Here are the various steps associated with the high-level business process. You search for invoices for which payment is pending. You check whether the invoices have been correctly prioritized. Check for the comments from the sales team. If there are any open customer queries, call up the sales team and customer to resolve the issues. Analyze the invoice and, if there are any issues with the invoice, place the invoice on hold and resolve the issues. Follow up with the customer for payment, receive the payment, enter the payment details in the records and close the invoice. This is the high-level business process, and the collection team needs inputs from the sales team, auto management team and invoice creation team to collect the invoice from the customer.
Once the invoice is closed, the information is sent to the general ledger team and sales incentive team. Now, if you were to write a SIPOC, or if you want to come up with a SIPOC diagram, how do you come up with it? So let me write it here: SIPOC. For each and every input you need to have a supplier. So for the collection team, the suppliers would be your sales team or a management team. Invoice creation team. So these are the three suppliers which give input to your collections team. And then when it comes to, let me put it in this way, the input would be your collections team and these are all the process steps. And the output here would be the information which is sent to the general ledger team and sales incentive team. So invoice closure is the output, and the final customers who would consume that would be our general ledger team and the sales incentive team.
So you know who the suppliers are. These are your suppliers. Three suppliers are giving input to your collections team, and thereby you follow this process, which is P here, and the output would be the closed invoice, which is then sent to the customer, and there are two teams in this scenario, general ledger and sales incentive. This is how you need to come up with the SIPOC: supplier, input, process, output and customer. Once you come up with the SIPOC flowchart, we need to actually get into the Define phase and do further analysis. The CFO wants the project to be completed within three months, and we have looked at the overall duration of the project, which happens to be 63 days. Even if we consider 21 working days per month, we are bang on target.
Three months multiplied by 21 days in a month would take the count to 63 days. The project leader prepared a project plan draft, and he felt that the project would be completed in three and a half months, which was 77 days. Right. That was a confusion. Now the project leader wanted to identify the tasks that he should focus on to reduce the duration of the project. If you want to compress the schedule by any chance, all you need to do is focus on impacting your critical path. If you have a question on why we need to identify the critical path, there are two reasons. One is to monitor those tasks with a keen eye. Another is to look into compressing the schedule.
We can compress the schedule in two ways. One is called crashing, which is nothing but adding more resources to the critical path activities. Another is fast tracking. Fast tracking is nothing but doing things in parallel. Doing what activities in parallel? Critical path activities in parallel. All right. Please use suitable analysis to identify the tasks and the path that the project leader should focus on. This is where we have spent a lot of time creating the critical path. And then we have come up with a plan. Right. And we know for a fact that the duration will be 63 days now, which is within three months. And thereby we have met the objectives. The critical to quality is reducing the number of defective items or invoices. Any item or any invoice payment which takes greater than 60 days is called defective. Anything which takes less than 60 days is not defective.
So one thing which is greater than or equal to 60 days, another which is less than 60 days. Given these values, how do we write the CTQ? The CTQ here would be reduction of defectives. Any invoice for which payment is not done within 60 days would be termed defective. So we want to reduce the number of defectives. The data type would be attribute data. Anything which doesn’t make sense if we represent it in decimal format would be called attribute data. For example, the number of defectives can be one, two, three, et cetera. I cannot say there would be 1.5 defectives. Right? I cannot represent defectives in percentage terms.
The number of defects also cannot be represented in decimal format. This aside, the unit of measure is the count of defective products. The operational definition is clear. Any invoice which takes greater than or equal to 60 days for the payment is called defective. And what the start and the end of this duration calculation are should be clearly mentioned as part of your operational definition. What is the start date of the invoice, and what is the end date of the invoice if the payment is done? That’s pivotal, because everyone should be measuring the number of days for the invoice payment in a similar fashion.
We cannot have different entries here. The lower specification limit is not specified. We only have the upper specification limit at 60 days. So this is now, and the target is that we need to have the payments done within 60 days. This is how you need to come up with the CTQ, the critical to quality performance characteristics. Now let us try to do attribute agreement analysis before we start collecting the data.
We need to first take a sample of the collected data and then try to look into whether the measurement system is actually reliable or not. Only if the measurement system is reliable do we go ahead and collect a lot of data and then proceed with baselining the performance and so forth. So let me open that specific file and let us do attribute agreement analysis. All right, here is the case study which we need to solve. These are the various invoices, and if an invoice payment is done within 60 days, it is considered to be good. And if the duration of invoice payment exceeds 60 days, it is termed defective. We have three appraisers: appraiser one, two and three. And each appraiser performs this particular analysis twice. Hence, we have two trials for each appraiser.
And then we have a supervisor or standard. The supervisor or standard is always considered to be correct in their analysis. In order to perform attribute agreement analysis, we need to go to Stat > Quality Tools > Attribute Agreement Analysis. Since we have the data in multiple columns, we select this radio option which says multiple columns. The moment you click on that, you would see all the column names here. Let us select appraiser one until appraiser three, all trials, and click on select. There we go. We have three appraisers and each person is conducting the trial twice. And we have a known standard or attribute, which happens to be the supervisor.
Now, if I press OK, we will be able to see the result. I’ll directly go to the session window and try to show you all these values. Any value here which is greater than 90 is extremely good. Anything in between 70 and 90 is acceptable. We need to cautiously accept. However, there is an area of improvement for appraiser two, in that way. So that’s within appraiser. I do not see any issues here. You can accept the measurement system. Let us look into between appraisers. It is greater than 70%, so this needs some improvement. You need to provide some kind of training to your appraisers, and your standard, your supervisor, against whom we are measuring the other appraisers, needs to provide some kind of knowledge transfer session.
If you look into each appraiser vs. standard, I see that appraiser two requires some additional attention. Also appraiser three. Appraiser one is doing a great job. Now if you look into all appraisers vs. standard, it is 73.33%. So you cautiously accept the measurement system, though there is area for improvement. Less than 70, you reject the measurement system. So we are going to proceed with this analysis here. We need to provide the repeatability and accuracy values for each and every appraiser. What is the repeatability? Repeatability is within appraisers. It is 93.33. For the second appraiser it is 86.67, for the third appraiser it is 90. And then we need to get into accuracy. Let us look into individual accuracy. It’s again 93.33 for the first appraiser.
For the second appraiser it is 83.33 and for the third appraiser it is 86.67. And finally we have the team accuracy, which is all appraisers vs. standard. And the value happens to be 73.33 here. There we go. So we have entered all these values here as well. It’s taking a while for me to save the data. So that’s okay. Let us proceed further. So the project leader wants to collect the data now, because the measurement system is cautiously acceptable. So we need to collect the data based on all these parameters. We have a data collection plan on where you would collect the data, and how you would measure the duration of invoice payment. What is the data collection process? From which state and the wait state would the data be collected? Who would be the analysts or appraisers?
Who would be collecting the data? Do we require any support? And what are the risks and issues associated with the data collection process? After we collect the data, we need to baseline the performance. And in order to baseline the performance, we would be looking into a Minitab file. Before that, let us understand this. So the project leader randomly selected a sample of 120 invoices and checked whether the invoices were closed within 60 days or not. Payment for an invoice not received within 30 or within 60 days was considered as late payment or defective.
The project leader wants to find sigma level to assess the current process performance and also to baseline for comparison post project. So let me open that minitab file and let us try to calculate the Z short term and the Z long term. So here we have the minitab file and we need to now baseline the performance. In order to baseline the performance, first let us try to understand this data. We have the invoice numbers. We have the data on whether a specific invoice has been categorized as defective or not. If invoice is closed within 60 days, then you give it a number zero.
That means it is not defective. If it takes more than 60 days, then you give it a number one, which means the invoice is termed defective. And we have in total 120 entries. So the sample size happens to be 120 here. And if you want to calculate the count of defectives out of 120, all you can do is go to Stat > Basic Statistics > Display Descriptive Statistics. And we are trying to find out the count of defectives. So I’m going to select defectives here. Since each defective is given the number one, if you look at the summation of this, it would give you the count. So let me go to statistics here and select the option sum. Click on OK, and let me click on OK once again. The sum happens to be 26. So there are 26 defectives out of a sample size of 120.
We can go to the sigma level calculator and then put these values within that and try to solve this once again while I pull out the sigma level calculator. So here we have the sigma level calculator. The summation here happens to be 26. So there are 26 defectives. Let me go back to the sigma level calculator. Here we go. So we have 26 defectives and the sample size happens to be 120. If you substitute these two values, the sigma level short term is given to you as 2.28. And we have 0.78 as the sigma level long term. Let us put that into our PowerPoint presentation. Here we go. Z long term happens to be 0.78. Z short term happens to be 2.28.
Now let us proceed with the further analysis. All right, so the project team brainstormed to identify the factors affecting the time to receive payments. The brainstorming session’s excerpt is available in a worksheet. I’m going to show you that in a moment. Please use the excerpts to plot it on an Ishikawa diagram and identify the potential inputs for which we should collect data to validate whether they critically affect the time taken to close an invoice. So let me take you to that particular worksheet. Here we go. So this is your Ishikawa analysis.
The details on what your potential inputs are have already been given here. Nevertheless, let us try to understand how to come up with an Ishikawa diagram, which is also called a fishbone diagram. With a fishbone diagram, the head of the fish always represents the effect, and the effect is the time taken to collect the payment. And we need to also draw the bones of the fish. Here are the bones which I’m trying to draw. And we also need to come up with some high-level categories. I would come up with categories which include operations manager, quality supervisor, training manager, and finally we have an executive. These are the four broad categories. Now we ask what are the few issues because of which the payment process is getting delayed, and what could be those inputs pertaining to the operations manager, and then we ask the operations manager.
We get to know all of these things pertaining to the operations manager here. “Our analysts aren’t experienced to deal with all issues.” So that would be one input here. “I guess the priority of invoice affects how much time we take to close the invoice.” That’s going to be your second input. In that way, wherever we have operations manager here, all of those would be the inputs that you have thought about, which might affect the time taken to collect the payment. Let me move on to the quality supervisor. He says, “I’ve even seen them not following up.” That is kind of blaming the analysts. Hence we are probably not going to consider that as a potential input. In that way, wherever you have quality supervisor, all those would be your inputs in the fishbone.
And then we have the training manager. There is only one input for the training manager. “We don’t even have a formal training for analysts.” That’s more of a complaint. So we are not going to consider this as a critical input. And then we have two from the executive. “Government customers need a million follow-ups, major issue.” So that would be a potential input. Executive: “Can we do something about the current payment process? Can we do something?” That’s more of a question. So that would probably not be a potential input. In this way we need to do a fishbone diagram and list down all the causes or inputs which would affect the payment process. We need to shortlist the potential inputs. And in order to identify the potential inputs, there are multiple techniques available, such as the Pugh matrix, nominal group technique or multivoting, so on and so forth.
10. Registering API clients
Hi. In this lecture, let us look into the registration of an API client, to see how an API client can get access to a particular API or multiple APIs. Okay? So the place where a particular API client can go and request access on an API is either Anypoint Exchange or the public portal. Okay? So as we have seen in the previous lectures, the APIs that we publish to Exchange are visible in Exchange here.
And anyone in the organization who has access to the Anypoint Platform can come into Exchange and then search for the APIs they would like to see, discovering them from the search bar by putting in some keywords. And once they find the API, they can see the data, metadata, documentation, notebooks and all, like we have seen in the previous lectures. And if they want to request access, what they should be doing is come into the API they want to request access for, go to the options on the top right and say Request Access.
Okay? Once they click on Request Access, options are presented to choose the API instance, application and SLA tier. The API instance drop-down is provided with multiple versions of the particular API. Okay? You are seeing two versions here because, if you remember, during one of the exercises we did in the demonstrations, we created two instances of the same API. One to demonstrate the policy enforcement at the basic endpoint and one to demonstrate the policy enforcement at the endpoint with proxy. So we ended up with the two versions. So we can select one of the versions which is relevant and active to get access on that particular API instance.
And you can also notice that the drop-down shows you which environment these instances belong to. Okay? Because Anypoint Exchange is agnostic to the environment, you do not see any environment information on the banner or anywhere, right? Like we see in the API Manager, Runtime Manager and all. We don’t see it in Exchange because it is an agnostic asset. If it is published to Exchange, it is published to Exchange. Okay? So that is why, while requesting access, it provides an option to choose correctly which environment you want access to and on what API instance. Okay? So let’s choose one of them. And then the second one is asking you to choose the application. This application is nothing but a synonym for the API consumer.
Okay? So we know the term API consumer, right? So this API consumer is synonymous with the application. So we have to choose what API consumer you are when you are requesting access. If it is the first time you are requesting access, which is what we are discussing in this course, how to register the API client, right? So the way to register is we can click on create a new application. When we click on new application, a dialog will appear and it will ask us to feed in the details required to create or register a particular application or consumer.
Okay, so say I’m a point of sale system or a consumer who is trying to access the APIs; then I’ll say POS, for example, and say point of sale consumer. Okay? And these are optional for now. We can say create. The moment we do this, our consumer will be created, which is registered now. Then we will be provided with the option to choose the tier we want that particular application to belong to. Which tier of access are you requesting on this particular API?
Okay? So if you remember, in the previous courses we created the SLA tiers: Basic would be having 100 requests per second, Silver will have 1000 requests per second, and Gold will have 10,000 requests per second. And if you also remember, we have set automatic approval for access for whoever belongs to the Basic SLA tier. And we have selected manual approval for Silver and Gold. Right? Let us see both. Now, let me first go with this Basic one. It will again show you what kind of tier this is. It says, okay, Basic means 100 requests per 1 minute.
And when you say request access, what happens is your request has been received and approved, which is automatic approval. So we can set up automatic approval as well for some tiers, if your organization is okay with that for that particular tier. So there will be a certification question as well with regards to this, asking which of the following options can be automated in the API Manager. Okay, so there will be multiple options presented: requesting the access can be automated, or granting the client registration can be automated, auto approved and all these things. So the right option is that we can only automate the approval for the tiers we choose.
So now, if you see, after approving the particular consumer, POS is granted a particular client ID and client secret combination of credentials. Okay, so this combination is called the client credentials. So every consumer who requests access is given a unique client ID and client secret combination. So these two are to be used by that particular API client.
Whenever they try to hit the API they requested access on, or any subsequent APIs which they are going to request access on in future, those will also have the same client ID and secret. These are not per API instance. These are per consumer. So the next time the consumer comes and requests access on a different API, they choose their existing application, POS, and say register. Then what happens is, again, they get access on that new API, which they didn’t have before, but the client ID and secret would still be the same. Okay? So this is the Basic tier one. So now let’s say there is another consumer who would like to have a Gold or Silver tier, okay? So again, let’s register a new one.
This particular one could be, let’s say this consumer is Pocala Corp, okay? So let’s say this is a third-party corp who is accessing the APIs of the particular supply chain company. Let’s say create, and this particular consumer wants to choose, say, Gold, which has 10,000 requests per 1 minute. Okay? And now I’ll say request access. What happens now is, see, your request has been received and is pending. And no client credentials are granted yet, because they are asking for some higher tier, or a tier which is set up to have manual approval, so it is now pending.
So who approves this particular request then? There are two kinds of people. Whoever is a platform administrator or organizational administrator can go and approve them from the API Manager, or there are dedicated roles in Access Management which are related to API Manager administration. Even those administrators can go and approve them. So let us go and see now, okay? Let’s go to the API Manager. Once we are in API Manager, the place where we can go and see the pending requests is in each of the API instances. Because, if you see, when requesting access, the consumers request on a specific API, right? So the approvals that are pending for a specific API will reside with, or link to, that particular API only in the API Manager. So we can go and open that particular instance of the API.
The administrator will also get an email, because you may ask, how will the administrator know that there are pending approvals, right? So whoever belongs to such roles, like API Manager administrators or organization administrators, all those users will receive an email, okay, in their organizational email, saying there was a new request on this particular API and it’s pending for approval; click on this link in order to go to the approval page, okay? So that particular administrator can click and navigate right from the email. Or if they’re already on the UI, they can come to this place which I’m going to show and approve. So where those approvals reside is in the Contracts section.
Okay? So why contracts? This contract is nothing but a relationship between the API and the API client, okay? Because an API client requested access to this particular API, indirectly that client is establishing some kind of contract, right? That’s why they are named contracts. So in the contracts, if you see, there is a POS who requested access on this. The POS consumer’s SLA tier is already applied and approved, whereas for Pocala Corp it’s actually a Gold tier request and the status is still pending. So now as an administrator, I can have a look at the details and say approve or reject. Okay? Let’s say I approve.
The moment I approve, if you see, the tier has been applied. And again, as an administrator, at any time I can come and override the tier. Okay? Of course this will inform the consumers as well, but administrators have the right to do that. Okay? So this is how the registration happens for the API clients and consumers, how the organization or platform administrators can approve for the manually set tiers, and how the automated approvals can happen for some of the tiers where automatic approval is set up. And the important thing that you need to take away from this is that all the consumers are presented with the client credentials.
Okay? So again, you may have a doubt about why the administrator in the API Manager is not able to see the client secret. Okay? This is because the client ID is something like a client username, okay? Synonymous. I’m not saying exactly. And the client secret is like a password, right? So that combination should be available only to the actual API consumer. Even if I am an administrator, the administrator also should not be able to see the client ID and secret.
Okay? If the API client forgot or lost their client credentials, as an administrator we can refresh or generate the new client ID secret so that they will get a new email or something. But still the administrators cannot see the client ID and secret of a particular API consumer, okay? Unless the administrator is also the owner of that. The owner is my name, right? So generally it never happens that a mutual administrator will also be an owner of an API consumer.
Very rare case. But if it’s an internal organizational thing or a small organization, if the administrator is also one of the owners of that particular application, then yes, every person who is an owner of the API consumer can actually see both the client ID and client secret. Okay? So where are all such kinds of activities managed by the administrator? This is something we have already seen two lectures back. In the landing page of API Manager, not at the API level but in the landing page, there is something called Client Applications.
So if we go to Client Applications, the administrator can see all the clients, all the consumers who are registered for any of the APIs, not a particular API. So if you click on this Pocala Corp and see here, we will have all the details of that particular consumer, and we can see, okay, what is the insurance ID and what API they have got access for and all.
Okay? So here is the place. Like I said, if someone else also needs to be added as an owner, then we can search for the person in the organization and add them as an owner of that particular consumer. Okay, so this is the registration process and generation of the client credentials. All right, so let us now see in the next lecture how these client credentials play a critical role in some of the policy enforcement. Okay, happy learning.
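A minimal model of the registration flow described in this lecture, added here as an example; it is not MuleSoft's code and calls no Anypoint API. The class and method names, the user and instance names, rotating only the secret on reset, and keeping only a digest of the client secret are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed tier table following the lecture: Basic is auto-approved,
# Silver and Gold wait for an administrator's decision.
AUTO_APPROVE = {"Basic": True, "Silver": False, "Gold": False}


def _digest(secret: str) -> str:
    # The secret is a 128-bit random token, so a plain SHA-256 digest is
    # enough here; a user-chosen password would need a slow KDF instead.
    return hashlib.sha256(secret.encode()).hexdigest()


@dataclass
class Application:
    name: str
    owners: set
    client_id: str
    secret_digest: str  # assumption: the registry never stores the secret itself


@dataclass
class Registry:
    admins: set
    apps: dict = field(default_factory=dict)       # client_id -> Application
    contracts: dict = field(default_factory=dict)  # (client_id, api_instance) -> contract
    outbox: list = field(default_factory=list)     # (owner, secret) deliveries to owners

    def register_application(self, name, owner):
        """Create the consumer once; credentials are per application, not per API."""
        client_id, client_secret = secrets.token_hex(16), secrets.token_hex(16)
        self.apps[client_id] = Application(name, {owner}, client_id, _digest(client_secret))
        return client_id, client_secret  # handed to the owner, not retained

    def request_access(self, client_id, api_instance, tier):
        """Open a contract between an existing application and one API instance."""
        if client_id not in self.apps:
            raise KeyError("unknown application")
        status = "APPROVED" if AUTO_APPROVE[tier] else "PENDING"
        self.contracts[(client_id, api_instance)] = {"tier": tier, "status": status}
        return status

    def decide(self, actor, client_id, api_instance, approve):
        """Manual approval or rejection of a pending contract by an administrator."""
        if actor not in self.admins:
            raise PermissionError("only administrators decide contracts")
        contract = self.contracts[(client_id, api_instance)]
        if contract["status"] != "PENDING":
            raise ValueError("contract is not pending")
        contract["status"] = "APPROVED" if approve else "REJECTED"
        return contract["status"]

    def reset_secret(self, actor, client_id):
        """Rotate the secret; the new value goes to owners and is not returned."""
        if actor not in self.admins:
            raise PermissionError("only administrators reset credentials")
        app = self.apps[client_id]
        new_secret = secrets.token_hex(16)
        app.secret_digest = _digest(new_secret)
        for owner in sorted(app.owners):
            self.outbox.append((owner, new_secret))

    def authorize(self, client_id, client_secret, api_instance):
        """Return the contract's tier if credentials and contract are valid, else None."""
        app = self.apps.get(client_id)
        if app is None or not hmac.compare_digest(app.secret_digest, _digest(client_secret)):
            return None
        contract = self.contracts.get((client_id, api_instance))
        if contract is None or contract["status"] != "APPROVED":
            return None
        return contract["tier"]


def demo():
    reg = Registry(admins={"admin"})
    cid, secret = reg.register_application("POS", owner="alice")
    first = reg.request_access(cid, "orders-basic-endpoint", "Basic")
    second = reg.request_access(cid, "orders-proxy-endpoint", "Gold")
    before = reg.authorize(cid, secret, "orders-proxy-endpoint")
    reg.decide("admin", cid, "orders-proxy-endpoint", approve=True)
    after = reg.authorize(cid, secret, "orders-proxy-endpoint")
    return first, second, before, after


if __name__ == "__main__":
    print(demo())
```

The same client ID and secret serve both API instances, and a valid secret still gets no access until the contract for that instance is approved.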